Author: joeyh Date: 2009-12-09 21:14:22 +0000 (Wed, 09 Dec 2009) New Revision: 13503 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-12-09 20:21:15 UTC (rev 13502) +++ data/CVE/list 2009-12-09 21:14:22 UTC (rev 13503) @@ -1,8 +1,28 @@ -CVE-2009-4228 [xfig stack-consumption DoS] +CVE-2009-4236 (The process function in ...) + TODO: check +CVE-2009-4235 (acpid 1.0.4 sets an unrestrictive umask, which might allow local users ...) + TODO: check +CVE-2009-4234 (Cross-site scripting (XSS) vulnerability in ...) + TODO: check +CVE-2009-4233 (Cross-site scripting (XSS) vulnerability in modules/mod_yj_whois.php ...) + TODO: check +CVE-2009-4232 (The Kide Shoutbox (com_kide) component 0.4.6 for Joomla! does not ...) + TODO: check +CVE-2009-4231 (Directory traversal vulnerability in as/lib/plugins.php in SweetRice ...) + TODO: check +CVE-2009-4230 (Multiple stack-based buffer overflows in src/Task.cc in the FastCGI ...) + TODO: check +CVE-2009-4229 (Multiple SQL injection vulnerabilities in ActiveWebSoftwares Active ...) + TODO: check +CVE-2009-4226 (Race condition in the IP module in the kernel in Sun OpenSolaris ...) + TODO: check +CVE-2009-4225 (Stack-based buffer overflow in the PestPatrol ActiveX control ...) + TODO: check +CVE-2009-4228 (Stack consumption vulnerability in u_bound.c in Xfig 3.2.5b and ...) - xfig <unfixed> TODO: check NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=543905 -CVE-2009-4227 [xfig read_1_3_textobject issue] +CVE-2009-4227 (Stack-based buffer overflow in the read_1_3_textobject function in ...) - xfig 1:3.2.5.b-1 (bug #559274) TODO: check NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=543905 
@@ -420,8 +440,8 @@ RESERVED CVE-2009-4034 RESERVED -CVE-2009-4033 - RESERVED +CVE-2009-4033 (A certain Red Hat patch for acpid 1.0.4 effectively triggers a call to ...) + TODO: check CVE-2009-4031 (The do_insn_fetch function in arch/x86/kvm/emulate.c in the x86 ...) - linux-2.6 <unfixed> (low) [etch] - linux-2.6 <not-affected> (kvm introduced in 2.6.25) @@ -532,8 +552,7 @@ RESERVED CVE-2009-3995 RESERVED -CVE-2009-3994 [devil buffer overflow] - RESERVED +CVE-2009-3994 (Stack-based buffer overflow in the GetUID function in ...) - devil 1.7.8-6 (low; bug #560080) CVE-2009-3993 RESERVED @@ -918,8 +937,8 @@ RESERVED CVE-2009-3845 RESERVED -CVE-2009-3844 - RESERVED +CVE-2009-3844 (Unspecified vulnerability in HP OpenView Data Protector Application ...) + TODO: check CVE-2009-3843 (HP Operations Manager 8.10 on Windows contains a "hidden account" in ...) NOT-FOR-US: HP Operations Manager CVE-2009-3842 (Unspecified vulnerability on the HP Color LaserJet M3530 Multifunction ...) @@ -1641,8 +1660,8 @@ NOT-FOR-US: eTrust Antivirus CVE-2009-3587 (Unspecified vulnerability in the arclib component in the Anti-Virus ...) NOT-FOR-US: eTrust Antivirus -CVE-2009-3586 - RESERVED +CVE-2009-3586 (Off-by-one error in src/http.c in CoreHTTP 0.5.3.1 and earlier allows ...) + TODO: check CVE-2009-3585 (Session fixation vulnerability in html/Elements/SetupSessionCookie in ...) {DSA-1944-1} - request-tracker3.4 <removed> @@ -4128,8 +4147,8 @@ [etch] - linux-2.6 <not-affected> (vulnerability introduced in 2.6.30) [lenny] - linux-2.6 <not-affected> (vulnerability introduced in 2.6.30) - linux-2.6.24 <not-affected> (vulnerability introduced in 2.6.30) -CVE-2009-2843 - RESERVED +CVE-2009-2843 (Java for Mac OS X 10.5 before Update 6 and 10.6 before Update 1 ...) + TODO: check CVE-2009-2842 (Apple Safari before 4.0.4 does not properly implement certain (1) Open ...) TODO: check CVE-2009-2841 (WebKit in Apple Safari before 4.0.4 on Mac OS X does not perform the ...) 
@@ -4434,8 +4453,8 @@ RESERVED CVE-2009-2750 RESERVED -CVE-2009-2749 - RESERVED +CVE-2009-2749 (Feature Pack for Communications Enabled Applications (CEA) before ...) + TODO: check CVE-2009-2748 RESERVED CVE-2009-2747 @@ -7908,10 +7927,10 @@ RESERVED CVE-2009-1570 (Integer overflow in the ReadImage function in ...) - gimp 2.6.7-1.1 (medium; bug #555929) -CVE-2009-1569 - RESERVED -CVE-2009-1568 - RESERVED +CVE-2009-1569 (Multiple stack-based buffer overflows in Novell iPrint Client 4.38, ...) + TODO: check +CVE-2009-1568 (Stack-based buffer overflow in ienipp.ocx in Novell iPrint Client ...) + TODO: check CVE-2009-1567 (Multiple stack-based buffer overflows in the Lateral Arts Photobox ...) TODO: check CVE-2009-1566 (Integer overflow in Roxio Easy Media Creator 9.0.136, and Roxio ...) @@ -8772,8 +8791,7 @@ NOT-FOR-US: Perl Nopaste CVE-2009-1299 RESERVED -CVE-2009-1298 [linux-2.6: ipv4 denial-of-service] - RESERVED +CVE-2009-1298 (The ip_frag_reasm function in ipv4/ip_fragment.c in Linux kernel ...) {DTSA-204-1} - linux-2.6 2.6.32-1 (low) [etch] - linux-2.6 <not-affected> (introduced in 2.6.29)
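Review bot: in the first hunk (@@ -1,8 +1,28 @@) the new entries are inserted above the existing xfig entries, so the list now runs CVE-2009-4229, CVE-2009-4226, CVE-2009-4225, CVE-2009-4228, CVE-2009-4227 and is no longer in descending order at that point, unlike the rest of the file. Move the CVE-2009-4226 and CVE-2009-4225 entries below CVE-2009-4227 so that a later automatic update or a manual search by ID does not miss or duplicate them.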
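Review bot: CVE-2009-4033 in the @@ -420,8 +440,8 @@ hunk and CVE-2009-4235 in the first hunk both name acpid 1.0.4 and both land as bare "TODO: check", so nothing ties the two together for whoever triages them. Handle them in one pass, and for CVE-2009-4033 record in a NOTE line whether the packaged acpid carries the Red Hat patch that the description refers to, since that decides whether the entry gets a package line or a not-affected marker.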
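Review bot: in the @@ -918,8 +937,8 @@ hunk CVE-2009-3844 (HP OpenView Data Protector Application ...) is added as "TODO: check" directly above CVE-2009-3843, which is already resolved as "NOT-FOR-US: HP Operations Manager". If the product is likewise not packaged, resolve the new entry the same way in a follow-up commit rather than leaving the TODO; the same applies to the two Novell iPrint Client entries (CVE-2009-1569, CVE-2009-1568) in the @@ -7908,10 +7927,10 @@ hunk.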